Hyderabad: The Indian Computer Emergency Response Team (CERT-In), a government agency under the Ministry of Electronics and Information Technology, has issued a major security alert. The issue affects millions of devices powered by MediaTek chipsets, including smartphones, smart TVs, routers, and other connected devices. The agency rated the issue as 'high' in severity, which means that the problem could seriously affect users if not fixed quickly.
According to the cybersecurity researchers, multiple vulnerabilities have been reported in MediaTek products. These include heap overflow and null pointer dereferences in Bluetooth, null pointer dereferences and incorrect authorisation in WLAN, and uncontrolled recursion in the IMS service. These vulnerabilities could allow an attacker to gain elevated privileges or cause a denial-of-service condition on the targeted device.
Who is at risk?
Devices powered by MediaTek chipsets are at serious risk, according to CERT-In. This makes the issue a significant threat to both regular users and businesses. MediaTek has acknowledged this vulnerability and is currently working with device makers to resolve the issue by rolling out software updates.
The government agency advises all users to update their devices as soon as security patches are available. It is expected that the security patches will be released in the coming weeks. So, users must ensure that they update their MediaTek-powered devices, such as smartphones, smart TVs, routers, and other connected devices, to stay protected.
What should you do?
CERT-In requests all users of MediaTek devices to stay alert, install software updates promptly, and follow official guidelines to protect themselves against possible cyberattacks.
List of affected MediaTek chipsets
| Issue | Affected Chipset | Affected Software Versions | Severity | Vulnerability Type |
|---|---|---|---|---|
| Heap Overflow in Bluetooth | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before | High | EoP (Elevation of Privilege) |
| Null pointer dereference in wlan | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before | Medium | DoS (Denial of Service) |
| Incorrect authorization in wlan | MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993 | SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890) / OpenWrt 21.02, 23.05 (MT6990) | Medium | EoP (Elevation of Privilege) |
| Null pointer dereference in wlan | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before | Medium | DoS (Denial of Service) |
| Null pointer dereference in Bluetooth | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before | Medium | DoS (Denial of Service) |
| Null pointer dereference in Bluetooth | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before | Medium | DoS (Denial of Service) |
| Uncontrolled recursion in ims service | MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | Modem LR12A, LR13, NR15, NR16, NR17, NR17R | Medium | DoS (Denial of Service) |